CVE-2024-10971
Published 2024-11-12
Priority: P4 · 23 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.51% (39.6th percentile)
Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | devolutions_server | < 2024.3.7.0 | 2024.3.7.0 |
| devolutions | dvls | <= 2024.3.6 | — |
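CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |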
GHSA
GHSA-696j-qh6c-q484: Improper access control in the Password History feature in Devolutions DVLS 2024
ghsa_unreviewed · 2024-11-12
CVE-2024-10971 [MEDIUM] CWE-200 GHSA-696j-qh6c-q484: Improper access control in the Password History feature in Devolutions DVLS 2024
Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
Red Hat
kernel: scsi: ufs: core: Fix deadlock during RTC update
vendor_redhat · 2024-09-04 · CVSS 5.5
CVE-2024-44953 [MEDIUM] CWE-833 kernel: scsi: ufs: core: Fix deadlock during RTC update
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix deadlock during RTC update
There is a deadlock when runtime suspend waits for the flush of RTC work,
and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.
Here is deadlock backtrace:
```
kworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367
ptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff
__switch_to+0x1a8/0x2d4
__schedule+0x684/0xa98
schedule+0x48/0xc8
schedule_timeout+0x48/0x170
do_wait_for_common+0x108/0x1b0
wait_for_completion+0x44/0x60
__flush_work+0x39c/0x424
__cancel_work_sync+0xd8/0x208
cancel_delayed_work_sync+0x14/0x28
__ufshcd_wl_suspend+0x19c/0x480
ufshcd_wl_runtime_suspend+0x3c
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-12